Configurable Software as a Service (SaaS) environments may have vulnerabilities introduced due to an insecure configuration or insecure code. With each customization and increasing complexity of the SaaS environment, critical and high risk security vulnerabilities may be introduced into the SaaS application. These vulnerabilities may not be detectable by conventional security software.